arxiv: 2604.06638 · v1 · submitted 2026-04-08 · 💻 cs.CR · cs.AI

RPM-Net Reciprocal Point MLP Network for Unknown Network Security Threat Detection

Pith reviewed 2026-05-10 18:05 UTC · model grok-4.3

classification 💻 cs.CR cs.AI
keywords unknown threat detection · network security · reciprocal point mechanism · class imbalance · adversarial margin · open-set recognition · MLP network · cybersecurity

The pith

RPM-Net learns reciprocal points representing non-class space for each known attack to detect unknown network threats geometrically.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper seeks to address detection of unknown threats amid multiple known attack classes and data imbalance by moving beyond standard class representation learning. It introduces reciprocal points that stand in for the space outside each known category, paired with adversarial margin constraints to enforce clear geometric separation. This combination lets the model flag points that fall outside all known boundaries as unknowns. Experiments report gains in F1-score, AUROC, and AUPR-OUT over prior techniques. If the separation holds in practice, security systems could identify novel attacks without prior examples of them.

Core claim

The central claim is that the reciprocal point mechanism learns non-class representations for each known attack category and, when combined with adversarial margin constraints, supplies geometric interpretability that separates unknown threats from known classes in imbalanced multi-class network data.

What carries the argument

The reciprocal point mechanism, which constructs a point in feature space that represents everything outside a given known attack class.

If this is right

  • Detection performance rises on F1-score, AUROC, and AUPR-OUT relative to existing methods for unknown threat identification.
  • Adversarial margin constraints add geometric interpretability to decisions about what counts as unknown.
  • RPM-Net++ augmented with Fisher discriminant regularization yields additional gains on the same metrics.
  • The framework applies directly to operational network security monitoring where new threats must be caught without labeled examples.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same reciprocal-point construction might transfer to other open-set problems such as spotting novel malware families or anomalous user behavior.
  • Periodic retraining of the reciprocal points could be tested as a way to handle gradual drift in network traffic patterns over time.
  • Deployment on live high-volume traffic streams would reveal whether the geometric separation remains stable under concept drift and class imbalance shifts.

Load-bearing premise

Reciprocal points derived from known classes will place truly unknown threats reliably outside the learned boundaries despite real-world imbalance and variation in network data.

What would settle it

Inserting new synthetic threats that closely mimic known attack patterns into the evaluation set and checking whether AUROC and AUPR-OUT remain higher than the baselines reported in the paper.

read the original abstract

Effective detection of unknown network security threats in multi-class imbalanced environments is critical for maintaining cyberspace security. Current methods focus on learning class representations but face challenges with unknown threat detection, class imbalance, and lack of interpretability, limiting their practical use. To address this, we propose RPM-Net, a novel framework that introduces reciprocal point mechanism to learn "non-class" representations for each known attack category, coupled with adversarial margin constraints that provide geometric interpretability for unknown threat detection. RPM-Net++ further enhances performance through Fisher discriminant regularization. Experimental results show that RPM-Net achieves superior performance across multiple metrics including F1-score, AUROC, and AUPR-OUT, significantly outperforming existing methods and offering practical value for real-world network security applications. Our code is available at: https://github.com/chiachen-chang/RPM-Net

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 1 minor

Summary. The paper proposes RPM-Net, a reciprocal point MLP network for unknown network security threat detection in multi-class imbalanced settings. It introduces reciprocal points to learn non-class representations for known attack categories, pairs them with adversarial margin constraints for geometric interpretability, and adds Fisher discriminant regularization in RPM-Net++. The central claim is that this yields superior performance on F1-score, AUROC, and AUPR-OUT relative to existing methods, with practical value for real-world applications; code is released.

Significance. If the empirical superiority holds under rigorous validation and the reciprocal-point construction proves robust, the work could advance interpretable open-set detection for cybersecurity by providing a geometric mechanism to flag unknowns amid imbalance. Releasing code supports reproducibility, which is a clear strength.

major comments (3)
  1. [Abstract] Abstract: the claim that RPM-Net 'achieves superior performance across multiple metrics including F1-score, AUROC, and AUPR-OUT, significantly outperforming existing methods' supplies no numerical values, baseline names, dataset statistics, or statistical tests, so the data-to-claim link cannot be evaluated and the central empirical assertion remains unsupported in the provided text.
  2. [§3 (Method)] The reciprocal point mechanism (introduced as a new representational entity) is asserted to enable reliable separation of unknowns, yet no derivation or formal argument is given showing that the points remain separated under realistic open-world distributional shifts rather than the specific unknown-sampling protocol used in experiments; this is load-bearing for both the performance and interpretability claims.
  3. [§4 (Experiments)] The experimental protocol for constructing the 'unknown' test set is not described in sufficient detail to rule out artifacts (e.g., holding out subsets from the same attack families or sampling within the training feature space); without this, the reported AUROC/AUPR-OUT gains cannot be taken as evidence of robustness to true unknown threats.
minor comments (1)
  1. [Abstract] The GitHub link is provided, which is helpful for reproducibility; ensure the repository contains the exact experimental scripts and data splits used for the reported metrics.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive comments, which help improve the clarity and rigor of our manuscript. We address each major comment in turn.

read point-by-point responses
  1. Referee: [Abstract] Abstract: the claim that RPM-Net 'achieves superior performance across multiple metrics including F1-score, AUROC, and AUPR-OUT, significantly outperforming existing methods' supplies no numerical values, baseline names, dataset statistics, or statistical tests, so the data-to-claim link cannot be evaluated and the central empirical assertion remains unsupported in the provided text.

    Authors: We agree that the abstract should provide more concrete support for the claims. In the revised manuscript, we will update the abstract to include specific performance numbers from our experiments, mention the datasets used, and note that results are averaged over multiple runs. The detailed comparisons remain in Section 4, but we will make the abstract more informative. revision: yes

  2. Referee: [§3 (Method)] The reciprocal point mechanism (introduced as a new representational entity) is asserted to enable reliable separation of unknowns, yet no derivation or formal argument is given showing that the points remain separated under realistic open-world distributional shifts rather than the specific unknown-sampling protocol used in experiments; this is load-bearing for both the performance and interpretability claims.

    Authors: The reciprocal point mechanism is introduced to represent the complementary 'non-class' region for each known class, with the adversarial margin loss ensuring that known samples are separated from these points. This provides geometric interpretability as unknowns are expected to lie closer to reciprocal points. While we do not offer a formal mathematical derivation proving separation for all possible distributional shifts, the construction is grounded in the open-set assumption and validated empirically. We will expand the discussion in Section 3 to better articulate the design rationale and assumptions. revision: partial

  3. Referee: [§4 (Experiments)] The experimental protocol for constructing the 'unknown' test set is not described in sufficient detail to rule out artifacts (e.g., holding out subsets from the same attack families or sampling within the training feature space); without this, the reported AUROC/AUPR-OUT gains cannot be taken as evidence of robustness to true unknown threats.

    Authors: We thank the referee for pointing this out. The current description in Section 4.1 follows the standard protocol from prior open-set recognition works, where entire classes of attacks are held out as unknowns. However, we agree more detail is needed. In the revision, we will provide a precise description of the unknown construction process, including how attack families are partitioned to ensure no overlap with training classes, and confirm that test samples are drawn from the original test distribution. revision: yes
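
The geometry described in response 2 (known samples pushed away from their class's reciprocal point, unknowns lying closer to the reciprocal points) and the protocol concern in major comment 3 can be exercised on toy data. This is an added example, not code from the paper or its repository: the 2-D embeddings, the hand-placed reciprocal points and the max-distance scoring rule are all assumptions made for illustration.

```python
import math
import random

# Constructed 2-D embedding space: three known classes and one hand-placed
# reciprocal point per class (learned in a real model; fixed here by assumption).
CENTERS = [(4.0, 0.0), (-2.0, 3.5), (-2.0, -3.5)]
RECIPROCAL = [(-0.25 * x, -0.25 * y) for x, y in CENTERS]  # opposite side of origin


def sample(rng, center, n, std=0.5):
    """Draw n constructed embeddings around `center`."""
    return [(rng.gauss(center[0], std), rng.gauss(center[1], std)) for _ in range(n)]


def unknown_score(z):
    """Higher = more likely unknown. Assumed rule: a known sample is far from
    its own class's reciprocal point, so a small max-distance means unknown."""
    return -max(math.dist(z, p) for p in RECIPROCAL)


def auroc(pos, neg):
    """P(score_pos > score_neg), ties counted as half (Mann-Whitney U)."""
    wins = sum((p > q) + 0.5 * (p == q) for p in pos for q in neg)
    return wins / (len(pos) * len(neg))


def aupr_out(pos, neg):
    """Average precision with the unknown (OUT) samples as the positive class."""
    ranked = sorted([(s, 1) for s in pos] + [(s, 0) for s in neg], reverse=True)
    hits, total = 0, 0.0
    for rank, (_, is_pos) in enumerate(ranked, start=1):
        if is_pos:
            hits += 1
            total += hits / rank
    return total / len(pos)


def evaluate(unknown_center, seed=7, n=300):
    """Score n samples per known class plus n held-out samples, then rank them."""
    rng = random.Random(seed)
    known = [z for c in CENTERS for z in sample(rng, c, n)]
    unknown = sample(rng, unknown_center, n)
    k = [unknown_score(z) for z in known]
    u = [unknown_score(z) for z in unknown]
    return {"auroc": auroc(u, k), "aupr_out": aupr_out(u, k)}


# Held-out class far from every known cluster (it sits near the reciprocal points).
EASY = evaluate(unknown_center=(0.0, 0.0))
# Held-out traffic that overlaps known class 0 in feature space.
MIMIC = evaluate(unknown_center=(4.0, 0.4))

if __name__ == "__main__":
    print("distinct unknown: ", EASY)
    print("mimicking unknown:", MIMIC)
```

The same scorer that separates the distinct held-out class almost perfectly ranks the overlapping one at roughly chance level, which is why the construction of the unknown test set decides how much the reported AUROC and AUPR-OUT figures say about robustness.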

Circularity Check

0 steps flagged

No circularity: RPM-Net defines new mechanisms independently of fitted outputs

full rationale

The paper proposes RPM-Net as a novel MLP-based architecture that introduces reciprocal points for non-class representations and adversarial margin constraints for geometric separation of unknowns. No equations, derivations, or predictions are presented that reduce by construction to the model's own fitted parameters, self-citations, or renamed empirical patterns. Performance metrics (F1, AUROC, AUPR-OUT) are reported from experiments on network datasets rather than tautological re-expressions of inputs. The framework is self-contained as an architectural contribution with external validation via code release and comparative results.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 1 invented entities

Only the abstract is available, so concrete free parameters, axioms, and invented entities cannot be enumerated in detail. The approach rests on standard neural-network training assumptions plus the newly introduced reciprocal-point representation whose effectiveness is asserted but not derived from first principles.

invented entities (1)
  • reciprocal point (no independent evidence)
    purpose: To learn non-class representations for each known attack category
    Introduced as the core novel mechanism in the framework; no independent external evidence or falsifiable prediction outside the model is mentioned.

pith-pipeline@v0.9.0 · 5449 in / 1168 out tokens · 62148 ms · 2026-05-10T18:05:06.140357+00:00 · methodology

Reference graph

Works this paper leans on

28 extracted references · 28 canonical work pages · 1 internal anchor

  1. [1]

    INTRODUCTION Network technology advancement and digital transformation have elevated network security to a critical challenge [1, 2]. Cyber attack techniques have become complex and diverse, expanding from conventional virus dissemination and denial of service attacks [3] to sophisticated forms such as ransomware, supply chain attacks, and zero-day expl...

  2. [2]

    PROPOSED METHOD 2.1 Overall Architecture: The overall architecture of the proposed RPM-Net model is shown in Figure 2. RPM-Net consists of four components: (1) feature extractor $\phi: \mathbb{R}^d \to \mathbb{R}^m$, (2) learnable reciprocal points $\{P_k\}_{k=1}^{K}$ for each known class, (3) adversarial margin constraints $\{R_k\}_{k=1}^{K}$, and (4) Fisher discriminant regularization (RPM-Net++ ...

  3. [3]

    EXPERIMENTS AND ANALYSIS We evaluate RPM-Net on CICIDS2017 [18] and UNSW-NB15 [19] datasets. CICIDS2017 contains 5 known classes (Benign, DDoS, DoS Hulk, PortScan, FTP-Patator), 2 validation classes, and 4 unknown test classes. UNSW-NB15 comprises 6 known classes (Benign, Analysis, Backdoor, DoS, Generic, Worms), 1 validation class, and 3 unknown class...

  4. [4]

    CONCLUSION In this paper, we propose RPM-Net for network security threat detection, which includes reciprocal point mechanism, adversarial margin constraints, and Fisher discriminant regularization (RPM-Net++). The reciprocal point mechanism learns “non-class” representations for each known attack category, while margin constraints create bounded featu...

  5. [5]

    ACKNOWLEDGMENT This work was supported by the Science and Technology Projects of Xizang Autonomous Region, China (Grant No. XZ202501ZY0026) and the Open Project Program of Guangxi Key Laboratory of Digital Infrastructure (Grant No. GXDIOP2024018)

  6. [6]

    Longyun Qi, Xiaoliang Lv, Lianwen Sun, Tianle Yao, Jianye Yu, and Lei Wang, “Operating system network security enhancement scheme based on trusted storage,” Intelligent and Converged Networks, vol. 4, no. 2, pp. 127–141, 2023

  7. [7]

    Xu Zhang, Ting Wu, Qiuhua Zheng, Liang Zhai, Haizhong Hu, Weihao Yin, Yingpei Zeng, and Chuanhui Cheng, “Multi-step attack detection based on pre-trained hidden markov models,” Sensors, vol. 22, no. 8, pp. 2874, 2022

  8. [8]

    Imrana Abdullahi Yari, Tobias Dehling, Felix Kluge, Juergen Geck, Ali Sunyaev, and Bjoern M. Eskofier, “Security engineering of patient-centered health care information systems in peer-to-peer environments: Systematic review,” Journal of Medical Internet Research, vol. 23, 2020

  9. [9]

    Syed Sohaib Karim, Mehreen Afzal, Waseem Iqbal, and Dawood Al Abri, “Advanced persistent threat (apt) and intrusion detection evaluation dataset for linux systems 2024,” Data in Brief, vol. 54, pp. 110290, 2024

  10. [10]

    Soumyadeep Hore, Jalal Ghadermazi, Ankit Shah, and Nathaniel D Bastian, “A sequential deep learning framework for a robust and resilient network intrusion detection system,” Computers & Security, vol. 144, pp. 103928, 2024

  11. [11]

    Xueying Han, Song Liu, Junrong Liu, Bo Jiang, Zhigang Lu, and Baoxu Liu, “Ecnet: Robust malicious network traffic detection with multi-view feature and confidence mechanism,” IEEE Transactions on Information Forensics and Security, 2024

  12. [12]

    Yasir Ali Farrukh, Syed Wali, Irfan Khan, and Nathaniel D Bastian, “Ais-nids: An intelligent and self-sustaining network intrusion detection system,” Computers & Security, vol. 144, pp. 103982, 2024

  13. [13]

    Jian Yang, Xiang Chen, Shuangwu Chen, Xiaofeng Jiang, and Xiaobin Tan, “Conditional variational auto-encoder and extreme value theory aided two-stage learning approach for intelligent fine-grained known/unknown intrusion detection,” IEEE Transactions on Information Forensics and Security, vol. 16, pp. 3538–3553, 2021

  14. [14]

    Josue Genaro Almaraz-Rivera, José Antonio Cantoral-Ceballos, and Juan Felipe Botero, “Enhancing iot network security: Unveiling the power of self-supervised learning against ddos attacks,” Sensors (Basel, Switzerland), vol. 23, 2023

  15. [15]

    Handi Sun, Liang Wan, Mengying Liu, and Bo Wang, “Few-shot network intrusion detection based on prototypical capsule network with attention mechanism,” PLOS ONE, vol. 18, 2023

  16. [16]

    Mahrukh Ramzan, Muhammad Shoaib, Ayesha Altaf, Shazia Arshad, Faiza Iqbal, Ángel Kuc Castilla, and Imran Ashraf, “Distributed denial of service attack detection in network traffic using deep learning algorithm,” Sensors (Basel, Switzerland), vol. 23, 2023

  17. [17]

    Isra M. Al-Turaiki and Najwa Altwaijry, “A convolutional neural network for improved anomaly-based network intrusion detection,” Big Data, vol. 9, pp. 233–252, 2021

  18. [18]

    Jingjing Zhao, Xuyang Jing, Zheng Yan, and Witold Pedrycz, “Network traffic classification for data fusion: A survey,” Inf. Fusion, vol. 72, pp. 22–47, 2021

  19. [19]

    Segun I. Popoola, Bamidele Adebisi, Ruth Ande, Mohammad Hammoudeh, Kelvin O. O. Anoh, and Atayero, “Smote-drnn: A deep learning algorithm for botnet detection in the internet-of-things networks,” Sensors (Basel, Switzerland), vol. 21, 2021

  20. [20]

    Bo Zong, Qi Song, Martin Renqiang Min, Wei Cheng, Cristian Lumezanu, Dae ki Cho, and Haifeng Chen, “Deep autoencoding gaussian mixture model for unsupervised anomaly detection,” in International Conference on Learning Representations, 2018

  21. [21]

    Gun-Yoon Shin, Dong-Wook Kim, and Myung-Mook Han, “Open set recognition with dissimilarity weight for unknown attack detection,” IEEE Access, vol. 11, pp. 102381–102390, 2023

  22. [22]

    Jiawei Zhang, Rui Chen, Yanchun Zhang, Weihong Han, Zhaoquan Gu, Shuqiang Yang, and Yongquan Fu, “Mf2pose: Multi-task feature fusion pseudo-siamese network for intrusion detection using category-distance promotion loss,” Knowl. Based Syst., vol. 283, pp. 111110, 2023

  23. [23]

    Iman Sharafaldin, Arash Habibi Lashkari, and Ali A. Ghorbani, “Toward generating a new intrusion detection dataset and intrusion traffic characterization,” in International Conference on Information Systems Security and Privacy, 2018

  24. [24]

    Hesamodin Mohammadian, Arash Habibi Lashkari, and Ali A. Ghorbani, “Poisoning and evasion: Deep learning-based nids under adversarial attacks,” 2024 21st Annual International Conference on Privacy, Security and Trust (PST), pp. 1–9, 2024

  25. [25]

    Dan Hendrycks and Kevin Gimpel, “A baseline for detecting misclassified and out-of-distribution examples in neural networks,” in International Conference on Learning Representations, 2017

  26. [26]

    Shiyu Liang, Yixuan Li, and R Srikant, “Enhancing the reliability of out-of-distribution image detection in neural networks,” in International Conference on Learning Representations, 2018

  27. [27]

    Zhao Zhang, Yong Zhang, Da Guo, and Mei Song, “A scalable network intrusion detection system towards detecting, discovering, and learning unknown attacks,” International Journal of Machine Learning and Cybernetics, vol. 12, pp. 1649–1665, 2021

  28. [28]

    Chuanxing Geng, Sheng-jun Huang, and Songcan Chen, “Recent advances in open set recognition: A survey,” IEEE transactions on pattern analysis and machine intelligence, vol. 43, no. 10, pp. 3614–3631, 2020